Security News, Articles and Updates

New email scam targeting accounts personnel at Fortune 500 companies

Criminals impersonate legitimate email accounts to initiate wire transfer fraud. Security researchers have uncovered an active Business Email Compromise (BEC) campaign targeting Accounts Payable personnel at Fortune 500.

Google divulges vulnerability in Microsoft Edge before patch is ready

Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.

Researchers find free ransomware variant being distributed on the Dark Web

Security researchers have identified a ransomware variant that is available for free on the Dark Web and is even unregistered. The discovery comes at a time when the ransomware trade is running on handsome commissions.

New Word malware attacks infect systems without using macros

Security researchers have discovered a new email spam campaign that tries to get users to open up Word document attachments that downloads a password stealer as its final payload.

Update: Dell storage platform security bugs allow root access

Security researchers recently unearthed up to nine security vulnerabilities in Dell EMC's Isilon OneFS platform that could allow remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root.

Massive code rewrite may be required to patch Skype vulnerability

Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system level privileges on a vulnerable computer.

SC Congress 2018 Security best practices needed to stay in line with GDPR

It's not enough to do the minimum necessary now with enforcement of new rules less than 100 days away.With GDPR coming into force less than 100 days, organisations need to make sure they are using best practices for security now.

Adobe Patch Tuesday patches issues in Acrobat, Reader & Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Macintosh to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

How to deflect unrequited love from hackers this Valentine's Day

Tips on keeping businesses safe this Valentine's day - treat online approaches as you would in 'real life' - with caution.

Google will label all HTTP sites 'not secure' starting in July 2018

Google recently announced that the Chrome browser will soon start flagging every site not using HTTPS encryption as "not secure."

Security shortage forces CISOs to increase reliance on machine learning

With enterprises struggling with a massive shortage of experienced cyber-security professionals, today's CISOs are placing more faith in machine learning which they believe will be important to their IT security functions.

Amazon issues security patch for Key after researcher claims hack

Amazon is issuing a security patch for its "Key"services shortly after a researcher posted a video demonstration of them claiming to hack the Amazon device using a Raspberry Pi.

Serious DoS flaw spotted in WordPress platform - affects most versions

Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.

Cisco takes a second crack at fixing critical ASA bug

Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vendors and learning that its previous repair job was insufficient.

Desperately needed fix for Flash Player bug exploitation released by Adobe

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.

Two charged in ATM 'jackpotting' scheme that yielded £35K

Two men, who reportedly posed as ATM repairmen at a Citizen's Bank branch in Connecticut, were charged with infecting a drive-through ATM with malware and stealing up to US$ 50,000 (£35,000) in a jackpotting scheme.

JenX botnet using video game to recruit IoT devices

Security researchers have found a new botnet that uses flaws connected to the Satori botnet and uses hosting services running multiplayer versions of Grand Theft Auto to infect IoT devices.

Core Security releases advisory on Kaspersky Labs' Secure Mail Gateway

Core Security issued an advisory for multiple vulnerabilities it found in Kaspersky Labs' Secure Mail Gateway that if left unpatched could lead to administrative account takeover.

Securing your company culture

Mike Simmonds, managing director, Axial Systems believes employee attitude is as important as technology when securing data.

Cisco update eliminates DoS vulnerability in Aggregation Services Router OS

Cisco Systems on Wednesday issued a security update that fixes a high-severity denial of service vulnerability in release version 5.3.4 of its IOS XR Software for the Aggregation Services Router (ASR) 9000 Series.

Cisco warns of a critical vulnerability in its SSL VPN solution

Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.

Cisco patches ASA software flaw allowing VPN hacks

Cisco's latest security update patches an Adaptive Security Appliance (ASA) software vulnerability that could allow an attacker to gain complete control of an affected system.

Hackers exploit flaw in enterprise software to deploy Monero cryptominer

Security researchers recently observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner software to users' systems by leveraging Kaseya Ltd's Virtual Systems Administrator (VSA).

Number of 2017 cyber-incidents doubled, 93% could have been prevented

Out of nearly 160,000 reported cyber incidents affecting businesses in 2017, 93 percent could have been prevented by following basic security measures.

Apple releases more updates for Safari, iOS, macOS and more

Apple once again has released security updates for Safari, watchOS, iOS, various macOS systems, and tvOS to address various security issues, some of which could allow an attacker to take control of an infected system.

Chrome desktop update remedies 53 bugs, adds Spectre and Meltdown mitigations

Google's latest stable channel update for the Chrome browser on Windows, Mac and Linux desktop machines includes fixes for 53 security issues, including three high-severity vulnerabilities.

Biometrics as additional access route weaker than password-only protection

A society where identity authentication is allowed without users' volition would be a society where democracy is dead. The password as memorised secret is absolutely necessary says Hitoshi Kokumai.

NoSQL, no problem: securing non-relational databases

Choosing the right NoSQL provider is paramount. Built in security, rather than tacked on as an afterthought, can help take the onus off the developer and may make the difference between being breached or not.

US Defence Dept stops 36M malicious emails daily, 600 Gbps DDoS attacks

Attackers continue to consider email an attractive attack vector and this highlights the stresses that security pros face daily trying to sort through threats.

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix an array of vulnerabilities, including high-impact bugs in its Unified Customer Voice Portal (CVP), its NX-OS Software, and its Email Security Appliance (ESA).